[openssl-users] Setting an OCSP stapling response on a DTLS server result in crash

Julien Vermillard jvermillard at gmail.com
Mon Aug 29 16:17:18 UTC 2016


It's a mix of C and Go, so it's really not minimal, but I'll try to modify
s_server to see if I can reproduce it.

--
Julien Vermillard

On Mon, Aug 29, 2016 at 6:13 PM, Matt Caswell <matt at openssl.org> wrote:

>
>
> On 29/08/16 17:08, Julien Vermillard wrote:
> > I have a DTLS 1.2 server based on last master (commit
> > d196305aa0de1fc38837c27cb1ea6e60af9dd98d)
> > I am trying to add OCSP stapling support (based on code in s_server.c).
> >
> > Basically, in my callback I set the OCSP response by:
> >
> >
> >     if (SSL_set_tlsext_status_ocsp_resp(s,dataPtr,respLen) == 0) {
> >         return SSL_TLSEXT_ERR_NOACK;
> >     } else {
> >         return SSL_TLSEXT_ERR_OK;
> >     }
> >
> > but if my server manages to get an OCSP response it crashes with this message:
> >
> > ssl/statem/statem_dtls.c:127: OpenSSL internal error: assertion failed:
> > s->init_num == (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH
> >
> > Any clue?
>
> Do you have some minimal reproducer?
>
> Matt